1 min read
Sadly, ransomware infections are routine enough that IT departments have started to develop standardized procedures for rapidly quarantining infected machines, determining the extent of damage and then attempting recovery operations..
For help with locking off computers performing suspicious actions (like modifying thousands of files in a minute), our DatAlert customers are using custom rules and scripts tied to behaviors. They’re running reports in DatAdvantage to rapidly find exactly which files were touched on which servers. However, until recently Varonis has been unable to help with recovery efforts.
While restoring files from backup is the best recovery option, often you’re still left with files which were created since the last backup was taken or in cases where the infection wasn’t promptly caught: where the files encrypted by the ransomware themselves were backed up.
If you’re in this situation, you need to:
- Identify the strain of ransomware you’ve been hit with.
- Locate an unlocking application (if any) for that strain.
To help with both of these recovery tasks, we’ve created a Ransomware Identifier. Enter either the file extension of the ransomware encrypted files, or the name of the ransom note file into the Ransomware Identifier search engine and rapidly get your answers.
What you should do now
Below are three ways we can help you begin your journey to reducing data risk at your company:
- Schedule a demo session with us, where we can show you around, answer your questions, and help you see if Varonis is right for you.
- Download our free report and learn the risks associated with SaaS data exposure.
- Share this blog post with someone you know who'd enjoy reading it. Share it with them via email, LinkedIn, Twitter, Reddit, or Facebook.
Michael Buckbee
Michael has worked as a sysadmin and software developer for Silicon Valley startups, the US Navy, and everything in between.